Subversion Repositories ALCASAR

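--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-#  $Id: alcasar.sh 2840 2020-06-27 22:35:40Z rexy $
+#  $Id: alcasar.sh 2841 2020-06-28 21:49:00Z rexy $
 
 # alcasar.sh
 # ALCASAR is a Free and open source NAC created by Franck BOUIJOUX (3abtux), Pascal LEVANT and Richard REY (Rexy)
 # This script is distributed under the Gnu General Public License (GPL)
 #  team@alcasar.net
@@ -1288,26 +1288,23 @@
 	$SED "s?^#authplugin = '/etc/e2guardian/authplugins/port.conf'?authplugin = '/etc/e2guardian/authplugins/port.conf'?g" $DIR_DG/e2guardian.conf
 	$SED "s?^#mapauthtoports =.*?mapauthtoports = off?g" $DIR_DG/e2guardian.conf
 # Enable clamd scanner
 	$SED "s?^#contentscanner = '/etc/e2guardian/contentscanners/clamdscan.conf'?contentscanner = '/etc/e2guardian/contentscanners/clamdscan.conf'?g" $DIR_DG/e2guardian.conf
 
+# Adapt the first group conf file
+	[ -e $DIR_DG/e2guardianf1.conf.default ] || cp $DIR_DG/e2guardianf1.conf $DIR_DG/e2guardianf1.conf.default
+# Reporting (deny page) in HTML
+	$SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/e2guardianf1.conf
+	$SED "s/^groupname =.*/groupname = 'blacklisted users'/g" $DIR_DG/e2guardianf1.conf
+
+###### ALCASAR special filtering ####
 # RAZ bannedphraselist
 	cp $DIR_DG/lists/bannedphraselist $DIR_DG/lists/bannedphraselist.default
 	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedphraselist # (comment what is not)
-
 # Disable URL control with regex
     cp $DIR_DG/lists/bannedregexpurllist $DIR_DG/lists/bannedregexpurllist.default
 	$SED "s?^[^#]?#&?g" $DIR_DG/lists/bannedregexpurllist # (comment what is not)
-
-# Adapt the first group conf file
-	[ -e $DIR_DG/e2guardianf1.conf.default ] || cp $DIR_DG/e2guardianf1.conf $DIR_DG/e2guardianf1.conf.default
-# Reporting (deny page) in HTML
-	$SED "s/^reportinglevel =.*/reportinglevel = 3/g" $DIR_DG/e2guardianf1.conf
-
-# Copy the fist group conf file to the second
-	cp $DIR_DG/e2guardianf1.conf $DIR_DG/e2guardianf2.conf
-
 # Replace the default deny HTML page (only fr & uk) --> !!! search why our pages make the server crash... 
 #	[ -e /usr/share/e2guardian/languages/french/template.html.default ] || mv /usr/share/e2guardian/languages/french/template.html /usr/share/e2guardian/languages/french/template.html.default
 #	cp -f $DIR_CONF/template-fr.html /usr/share/e2guardian/languages/french/template.html
 #	[ -e /usr/share/e2guardian/languages/ukenglish/template.html.default ] || mv /usr/share/e2guardian/languages/ukenglish/template.html /usr/share/e2guardian/languages/ukenglish/template.html.default
 #	cp -f $DIR_CONF/template.html /usr/share/e2guardian/languages/ukenglish/template.html
@@ -1318,16 +1315,14 @@
 	touch $DIR_DG/lists/bannedmimetypelist
 # Empty LAN IP list that won't be WEB filtered
 	[ -e $DIR_DG/lists/exceptioniplist.default ] || mv $DIR_DG/lists/exceptioniplist $DIR_DG/lists/exceptioniplist.default
 	touch $DIR_DG/lists/exceptioniplist
 # Creation of ALCASAR banned site list
-	[ -e $DIR_DG/lists/bannedsitelist.default ] || mv $DIR_DG/lists/bannedsitelist $DIR_DG/lists/bannedsitelist.default
-	cat <<EOF > $DIR_DG/lists/bannedsitelist
+	[ -e $DIR_DG/lists/greysitelist.default ] || mv $DIR_DG/lists/greysitelist $DIR_DG/lists/greysitelist.default
+	cat <<EOF > $DIR_DG/lists/greysitelist
 # E2guardian filter config for ALCASAR
 # In ALCASAR E2guardian filters only URLs (domains are filtered with unbound)
-# block all sites except those in the exceptionsitelist --> liste blanche (désactivée)
-#**
 # block all SSL and CONNECT tunnels
 **s
 # block all SSL and CONNECT tunnels specified only as an IP
 *ips
 # block all sites specified only by an IP
@@ -1352,10 +1347,17 @@
 EOF
 # 'Safesearch' regex actualisation
 	$SED "s?images?search?g" $DIR_DG/lists/urlregexplist
 # change the google safesearch ("safe=strict" instead of "safe=vss")
 	$SED "s?safe=vss?safe=strict?g" $DIR_DG/lists/urlregexplist
+
+# Create & adapt the second group conf file (av + av_wl)
+	cp $DIR_DG/e2guardianf1.conf.default $DIR_DG/e2guardianf2.conf
+	$SED "s?^reportinglevel =.*?reportinglevel = 3?g" $DIR_DG/e2guardianf2.conf
+	$SED "s/^groupname =.*/groupname = 'antimalware & whitelested users'/g" $DIR_DG/e2guardianf2.conf
+	$SED "s/\/lists\/bannedurllist'/urllist = 'name=banned,messageno=501,path=\/etc\/e2guardian\/lists\/bannedurllist.default'/g" $DIR_DG/e2guardianf2.conf # no banned urls
+
 # create log folder
     mkdir -p /var/log/e2guardian
 	chown -R e2guardian /etc/e2guardian /var/log/e2guardian
 } # End of e2guardian()
 
@@ -1364,23 +1366,29 @@
 ## - Set the parameters of clamav and freshclam                 ##
 ##################################################################
 antivirus()
 {
 # Clamd adaptation to e2guardian
+[ -e /lib/systemd/system/clamav-daemon.service.default ] || cp /lib/systemd/system/clamav-daemon.service /lib/systemd/system/clamav-daemon.service.default
+	$SED "/^[Service]/a ExecStartPre=\/bin\/chown e2guardian:e2guardian \/run\/clamav" /lib/systemd/system/clamav-daemon.service
+	$SED "/^[Service]/a ExecStartPre=\/bin\/mkdir -p \/run\/clamav" /lib/systemd/system/clamav-daemon.service
 [ -e /etc/clamd.conf.default ] || cp /etc/clamd.conf /etc/clamd.conf.default
 	$SED "s?^User.*?User e2guardian?g" /etc/clamd.conf
+	$SED "s?^MaxThreads.*?MaxThreads 32?g" /etc/clamd.conf
+	$SED "s?^#LogTime.*?LogTime yes?g" /etc/clamd.conf # enable logtime for each message
+	$SED "s?^LogVerbose.*?LogVerbose no?g" /etc/clamd.conf
+	$SED "s?^#LogRotate.*?LogRotate yes?g" /etc/clamd.conf
 	chown -R e2guardian:e2guardian /var/log/clamav /var/lib/clamav
 	chmod 775 /var/log/clamav /var/lib/clamav
 	chmod 664 /var/log/clamav/*
 # update virus database every 4 hours (24h/6)
 	[ -e /etc/freshclam.conf.default ] || cp /etc/freshclam.conf /etc/freshclam.conf.default
 	$SED "s?^Checks.*?Checks 6?g" /etc/freshclam.conf
 	$SED "s?^NotifyClamd.*?# NotifyClamd /etc/clamd.conf?g" /etc/freshclam.conf
 	$SED "/^DatabaseMirror/a DatabaseMirror db.fr.clamav.net" /etc/freshclam.conf
-	$SED "s?MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
-	$SED "s?^DatabaseOwner.*?DatabaseOwner e2guardian?g" /etc/freshclam
+	$SED "s?^MaxAttempts.*?MaxAttempts 3?g" /etc/freshclam.conf
+	$SED "s?^DatabaseOwner.*?DatabaseOwner e2guardian?g" /etc/freshclam.conf
-	
 # update now
 	/usr/bin/freshclam --no-warnings --quiet
 } # End of antivirus()
 
 ##############################################################
@@ -2169,11 +2177,11 @@
 # GRUB2 modifications (Wait time : 3s - ALCASAR entry - VGA=791 - Change the default banner
 	[ -e /etc/default/grub.default ]  || cp /etc/default/grub /etc/default/grub.default
 	$SED "s?^GRUB_TIMEOUT=.*?GRUB_TIMEOUT=3?g" /etc/default/grub
 	$SED "s?^GRUB_DISTRIBUTOR=.*?GRUB_DISTRIBUTOR=ALCASAR?g" /etc/default/grub
 	[ -e /etc/mageia-release.default ]  || cp /etc/mageia-release /etc/mageia-release.default
-	vm_vga=`lsmod | egrep -c "virtio|vmwgfx|vbox"` # test if in VM
+	vm_vga=`lsmod | egrep -c "virtio|vmwgfx"` # test if in VM
 	if [ $vm_vga == 0 ] # is not a VM
 	then
 		cp -f $DIR_CONF/banner /etc/mageia-release # ALCASAR ASCII-Art
 		echo >> /etc/mageia-release
 		$SED "s?^GRUB_CMDLINE_LINUX_DEFAULT=\"?&vga=791 ?" /etc/default/grub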
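Review bot: The two `$SED "/^[Service]/a ExecStartPre=…"` commands added at the top of antivirus() leave `[Service]` unescaped, so sed reads it as a bracket expression (any line starting with S, e, r, v, i or c) instead of the literal section header; the ExecStartPre lines are then appended after unrelated lines, possibly several times, or not at all. Escape the brackets, e.g. `$SED "/^\[Service\]/a ExecStartPre=\/bin\/mkdir -p \/run\/clamav" /lib/systemd/system/clamav-daemon.service`, and do the same for the chown line. If the lines do not land in the [Service] section, /run/clamav is not created and handed to the e2guardian account that `User e2guardian` switches clamd to a few lines later, so the scanner socket that e2guardian's content scanning relies on may be missing. The append is also not idempotent (a second run of the script adds the lines again), and it edits the packaged unit under /lib/systemd/system, which a clamav package update would presumably overwrite; a drop-in under /etc/systemd/system/clamav-daemon.service.d/ would avoid both.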